Reputation: 563
Why prepared statement doesn't work?
I am using this code to check if the user is logged:
function login_check_admin($mysqli) {
// Check if all session variables are set
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
if ($stmt = $mysqli->prepare("SELECT admin_pas FROM admins WHERE admin_id = ? LIMIT 1")) {
$stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) { // If the user exists
$stmt->bind_result($password); // get variables from result.
$stmt->fetch();
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Logged In!!!!
return true;
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
}
Problem is it only works with the last member thats is added to the admins table. As soon as I add another member to the admins table, it returns false when I am logged in with all other members and returns true only when I am logged in with that most recently added member. I changed the code to this and now it works fine. I don't know why prepared statement not work.
function login_check_admin($mysqli) {
// Check if all session variables are set
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
if ($result = $mysqli->query("SELECT admin_pas FROM admins WHERE admin_id = ? LIMIT 1")) {
if($obj = $result->fetch_object()) { // If the user exists
$password = $obj->admin_pas;
unset($obj);
$result->close();
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Logged In!!!!
return true;
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
}
Upvotes: 0
Views: 114
Answers (1)
Reputation: 157838
Here is an improved version of your function
function login_check_admin() {
if(isset($_SESSION['user_id'])
&& $_SESSION['user_agent'] == $_SERVER['HTTP_USER_AGENT'])
{
return TRUE;
}
}
To answer the literal question.
A programmer should never judge the code by indirect consequences. Always verify only direct ones. Have an assumption that prepared statement doesn't work? Create a code snippet that contains this statement only and check for the every possible error and verify the state of every variable involved, as well as result of every function and operator. And you will have clear picture - if it really doesn't work, and why if so.
This routine is called "debugging" and can be done by a programmer himself only, not by someone watching the code.
Upvotes: 2
Related Questions
- Whats wrong with this prepared statement
- My MySQL prepared statement won't work
- query execution with prepared statements not working
- Prepared Statement doesn't work
- mysql prepared statement is not working
- Query working normally but not working in prepared statements
- PHP mysqli prepare statement not working
- PHP Prepared statement has an issue
- PHP-MySQLi Prepared Statement not working in code but working is PHPMyAdmin
- Prepared statements in mysqli not working